Secured eMail 2.2 aims to simplify e-mail encryption so people will actually use it. It integrates with Outlook, and a Lotus Notes version is due later this year. To initiate secure communication, you simply send an encrypted message and separately transmit a shared-secret passphrase. A first-time recipient has to download the free reader and enter the shared secret. For fellow Outlook users, Secured eMail decrypts messages automatically; those using other e-mail clients must launch an attachment. If you use Outlook, you can encrypt any number of replies to secured messages for free. Those wanting to try the product can originate up to ten encrypted messages at no cost.

Secured eMail uses a patented technique called Simultaneous Key Generation. Unlike Public Key cryptographic solutions such as PGP Desktop, which require a key-repository server for storing and looking up public keys, SKG generates the same key on both your system and the recipient's. Keys are based on your e-mail addresses and the shared secret. Each message gets a new key.

The shared secret (which can be up to 256 characters long) isn't stored separately and can't be recovered. Since Secured eMail encrypts data at your desktop and decrypts it at the recipient's desktop (both processes use the 256-bit AES algorithm), the clear, unencrypted text never leaves your computer.

Secured eMail is unobtrusive and easy to use. It conveniently adds a Send Secured button to Outlook's message composition window (unfortunately, though, the process creates an entire toolbar for just one button). The first time you use Send Secured, the program prompts you to create a shared secret for your contactSecured eMail will even print a page to mail or fax the secret. (You can optionally generate a separate e-mail containing the secret, but this is less secure, of course.) While you can access the utility's minimal configuration settings from Outlook's Tools menu, you'll rarely use them other than to change the default text of fields like the subject line for secure messages (the actual subject is encrypted) and the mail/fax shared-secret letter.

First-time recipients click on a link to download the free 4MB reader directly from Secured eMail. Those with a healthy suspicion of links sent by e-mail can get the reader from Microsoft's windowsmarketplace.com. After completing the one-time installation and entering the shared secret, secure communication is a snap. Outlook's preview pane shows the unencrypted message, but opening the message brings up brings up the secured version without any noticeable pause for decryption.

There's one minor downside to this transparency: If you open a message by clicking "yes" in response to the New Mail desktop alert, you'll have no indication that it was sent to you encrypted. And even if you know it was sent secured, it's very easy to click Send or use the Ctrl+Enter send shortcut out of habit when replying. But you must click the Send Secured button in order to encrypt your reply; forgetting to do so can jeopardize the security of the entire conversation.

I had no trouble receiving and viewing encrypted mail on a Thunderbird/Firefox system, though there wasn't an option for a secured replythat feature requires Outlook. Launching the attachment displayed the secured message in Internet Explorer. A Windows 98 system using Outlook Express gave me a bit of grief, however.

Everything seemed to work, right up to the point of actually viewing the secured message. With very short messages ("this is a test," for example), the reader would decrypt the subject and any attachments but omit the body content. Longer, more realistic messages came through just fine. Experts at Secured eMail verified this bug, which they'll fix in the next release.

The home user package described here is a one-time purchase. With the three successively higher-end packages, which offer business-oriented features, you pay a yearly maintenance fee. Administrators using the Professional edition can create additional security requirements: For example, they can configure the utility so that users must enter a PIN to encrypt or decrypt e-mail.

The Corporate edition lets you establish a single master-key password that will unlock any employee's messages. You can also customize the installation image and deploy it from a central server. The Enterprise edition goes even further, allowing you to perform admin tasks via a server and configure secure communication for groups without going through the shared-secret process. All editions rely on the same underlying SKG technology, though.

I like this encryption solution's simplicity and the fact that sensitive content stays encrypted all the way from your desktop to the recipient's. Since you don't need to define and publish a public key, trying out the technology is easy. But, as noted, accidentally replying without encryption is also easy, thereby risking the security of your entire sensitive conversation. You'll have to train yourself to use Send Secured correctly. If you're an Outlook user and Secured eMail Home 2.2 sounds interesting, give it a try, since those first ten secured messages won't cost you anything.

Read More

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b... See Full Bio

Secured eMail Home 2.2

Secured eMail Home 2.2

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.